2024-07-03_b23afa5eb12241c83ea5b7f24be879e4_mafia

Sharing

Copy URL

Twitter E-mail

General

Target

2024-07-03_b23afa5eb12241c83ea5b7f24be879e4_mafia
Size

4.1MB
MD5

b23afa5eb12241c83ea5b7f24be879e4
SHA1

ac7779f739e045521d360b09744be15fbcca05d1
SHA256

a7f19ed19fa41f9227f230739aa751308406e5d2833763763ae9df166cabd306
SHA512

2079fb739e4f1b71981489afe8332d981d227f9e896d837b22d9d09f67934c029425b2d9eee05973aeb7b45fa25e189720a78b01d7bfab016f9d7789f332e600
SSDEEP

49152:2Bv7umnPwjvu78n90DHrq7rXxHfS7RwGJIKoTEZTopTWXf3PYW5Y890phA1:2BjdG90XQx67RwGJNkTWXf3PY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-03_b23afa5eb12241c83ea5b7f24be879e4_mafia

Files

2024-07-03_b23afa5eb12241c83ea5b7f24be879e4_mafia
.exe windows:5 windows x86 arch:x86

301b676aa86bea676d7b99616cdda636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\game\MSP2\bin\win32\Release\Maize Sampler.pdb

Imports

mse

?CreatePlayerSkinBuffer@MInstrument@@QAEXH@Z
?SetPlayerSkinName@MInstrument@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddSerialNumber@MInstrument@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RemoveAllSerialNumbers@MInstrument@@QAEXXZ
?RemoveSerialNumber@MInstrument@@QAEXH@Z
?GetSerialNumber@MInstrument@@QAEXHPAD@Z
?Save@MInstrument@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?LoadEXS@MInstrument@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetSingleClientSample@MGroup@@QAEXH@Z
?MoveGroup@MInstrument@@QAEXHH@Z
?GetSampleCount@MGroup@@QAEHXZ
?GetSample@MGroup@@QAEPAVMSample@@H@Z
?AddClientSample@MGroup@@QAEXPAVMSample@@@Z
?RemoveClientSample@MGroup@@QAEXPAVMSample@@@Z
?RemoveAllClientSamples@MGroup@@QAEXXZ
?IsSampleInClient@MGroup@@QAE_NPAVMSample@@@Z
?SetSingleClientSample@MGroup@@QAEXPAVMSample@@@Z
?AskForEncodedSN@MSEDelegate@@UAEXPAD@Z
?AddSample@MGroup@@QAE_NPAVMSample@@@Z
?RemoveSample@MGroup@@QAEXPAVMSample@@@Z
?UpdateSampleMapping@MGroup@@QAEXXZ
?GetClientSampleCount@MGroup@@QAEHXZ
?GetClientSample@MGroup@@QAEPAVMSample@@H@Z
?GetSingleClientSampleIndex@MGroup@@QAEHXZ
?NewInstrument@MInstrument@@QAEXXZ
?CreateGroup@MInstrument@@QAEPAVMGroup@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?RemoveGroup@MInstrument@@QAEXPAVMGroup@@@Z
?CreateSample@MInstrument@@QAEPAVMSample@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UtagMSE_Rect@@E@Z
?GetSoundFile@MSample@@QAEPAVMSoundFile@@XZ
?UpdateProperty@MSample@@QAEXXZ
?UpdateSampleRange@MSample@@QAEXXZ
?GetSingleClientSample@MGroup@@QAEPAVMSample@@XZ
?SetPlayerLayoutXML@MInstrument@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?DeselectGroup@MInstrument@@QAEXPAVMGroup@@@Z
?IsGroupSelected@MInstrument@@QAE_NPAVMGroup@@@Z
?GetCurrentClientGroup@MInstrument@@QAEPAVMGroup@@XZ
?UpdateAllSampleProperty@MGroup@@QAEXXZ
??0MInstrument@@QAE@XZ
??1MInstrument@@QAE@XZ
?ProcessAudio@MInstrument@@QAEXPAPAMHH_N@Z
?AddMIDIMessage@MInstrument@@QAEXPAEH@Z
?GetGroupCount@MInstrument@@QAEHXZ
?GetGroup@MInstrument@@QAEPAVMGroup@@H@Z
?SelectGroup@MInstrument@@QAEXPAVMGroup@@@Z
?GetCurrentClientGroupIndex@MInstrument@@QAEHXZ
?SetCurrentClientGroup@MInstrument@@QAEXH@Z
?GetSerialNumberCount@MInstrument@@QAEHXZ
?SetUIDelegate@MInstrument@@QAEXPAVMSEDelegate@@@Z
?Load@MInstrument@@QAE_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?UpdateProperty@MInstrument@@QAEXXZ
?SetBypass@MInstrument@@QAEX_N@Z
?SetSampleRate@MInstrument@@QAEXM@Z
?GetVersion@MInstrument@@QAEHXZ
?setMaxFileLimit@MSEUtil@@SAXH@Z

kernel32

HeapFree
HeapAlloc
DecodePointer
EncodePointer
HeapReAlloc
GetFileType
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
ExitThread
CreateThread
GetTimeFormatW
GetDateFormatW
WideCharToMultiByte
SetPriorityClass
GetCurrentProcess
WaitForSingleObject
SetEvent
GetCurrentThread
GetPriorityClass
LoadLibraryW
Sleep
MultiByteToWideChar
SetThreadPriority
GetProcAddress
ResetEvent
LoadLibraryA
CreateEventW
GetThreadPriority
CloseHandle
ExitProcess
CreateMutexW
FindFirstFileW
GetNativeSystemInfo
SetFilePointer
TryEnterCriticalSection
GetDriveTypeW
FreeLibrary
GetLogicalDriveStringsW
QueryPerformanceCounter
CreateDirectoryW
OutputDebugStringW
WriteFile
InitializeCriticalSection
TerminateThread
GetLocaleInfoW
CopyFileW
FormatMessageW
GetVersionExW
LeaveCriticalSection
IsProcessorFeaturePresent
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetTempPathW
GetLastError
GetCurrentDirectoryW
MoveFileW
EnterCriticalSection
FindClose
RemoveDirectoryW
GetModuleHandleA
IsDebuggerPresent
FindNextFileW
GetFileAttributesExW
QueryPerformanceFrequency
DeleteCriticalSection
GetCurrentThreadId
SetThreadAffinityMask
ReleaseMutex
DeleteFileW
GetVolumeInformationW
GetCommandLineW
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
RtlUnwind
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
RaiseException
GetStdHandle
HeapCreate
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation

user32

GetMessageExtraInfo
GetWindowRect
GetSystemMenu
DefWindowProcW
CreateWindowExW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
RegisterClassExW
UnregisterClassW
DestroyWindow
GetWindowThreadProcessId
AttachThreadInput
DispatchMessageW
SendMessageTimeoutW
PeekMessageW
GetWindowTextW
MapVirtualKeyW
GetUpdateRgn
CloseClipboard
EnumDisplayMonitors
SetCursor
EndPaint
TranslateMessage
EnumWindows
SetFocus
GetFocus
PostMessageW
GetMessageW
ReleaseDC
GetDC
GetMessagePos
GetMessageTime
DestroyIcon
SetWindowTextW
SetClipboardData
SendMessageW
SetCaretPos
IsWindowVisible
GetSystemMetrics
ReleaseCapture
MessageBoxW
OpenClipboard
CreateCaret
GetActiveWindow
ShowWindow
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
DestroyCaret
DestroyCursor
RedrawWindow
EmptyClipboard
EnableMenuItem
SystemParametersInfoW
GetClipboardData
GetAncestor
SetCursorPos
InvalidateRect
GetAsyncKeyState
GetWindowPlacement
GetForegroundWindow
GetCapture
GetIconInfo
CreateIconIndirect
BeginPaint
IsChild
ShowCaret
WindowFromPoint
MessageBeep
GetWindowInfo
LoadCursorW
TrackMouseEvent
GetParent
SetForegroundWindow
SetCapture

gdi32

DeleteDC
CreateFontIndirectW
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
GetTextMetricsW
GetOutlineTextMetricsW
SetMapperFlags
GetKerningPairsW
EnumFontFamiliesExW
GetGlyphOutlineW
GetGlyphIndicesW
RestoreDC
CreateRectRgn
GetPixel
GetObjectW
StretchDIBits
SaveDC
CombineRgn
CreateRectRgnIndirect
GetRegionData
CreateBitmap
ExcludeClipRect
CreateDIBSection
SetMapMode

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyW

shell32

SHGetMalloc
SHBrowseForFolderW
ExtractAssociatedIconW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

ole32

RegisterDragDrop
CoTaskMemAlloc
DoDragDrop
RevokeDragDrop
OleUninitialize
OleInitialize
CoTaskMemFree
PropVariantClear
CoInitialize
CLSIDFromString
CoCreateInstance

wininet

HttpQueryInfoW
InternetSetOptionW
InternetWriteFile
InternetConnectW
HttpOpenRequestW
FtpOpenFileW
InternetCrackUrlW
HttpSendRequestExW
InternetOpenW
InternetSetFilePointer
HttpEndRequestW
InternetReadFile
InternetCloseHandle

shlwapi

PathStripToRootW

winmm

midiOutShortMsg
midiOutOpen
midiOutClose
midiOutUnprepareHeader
midiInGetNumDevs
midiInOpen
midiInAddBuffer
midiOutLongMsg
midiInStart
timeBeginPeriod
timeGetTime
midiOutGetDevCapsW
midiInStop
midiOutGetNumDevs
midiInClose
midiInGetDevCapsW
midiInReset
midiOutPrepareHeader
midiInUnprepareHeader
midiInPrepareHeader

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmNotifyIME
ImmGetContext

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 461KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

301b676aa86bea676d7b99616cdda636

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mse

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

wininet

shlwapi

winmm

imm32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 61KB - Virtual size: 73KB

.rsrc Size: 461KB - Virtual size: 460KB

.reloc Size: 138KB - Virtual size: 137KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 61KB - Virtual size: 73KB

.rsrc
Size: 461KB - Virtual size: 460KB

.reloc
Size: 138KB - Virtual size: 137KB